PLDT’s wireless unit Smart Communications Inc. (Smart) believes that foreign syndicates could be bankrolling text scams targeting Philippine telco customers.
“Based on our initial investigation and through our cooperation with law enforcement agencies and state investigators, it is highly possible that foreigners are behind the text scams that are plaguing mobile users in the country,” said Angel Redoble, FVP and chief information security Officer of PLDT and Smart. “They are working with domestic operators to purchase prepaid SIMs in bulk and use these to send ‘smishing’ messages,”
The investigation of PLDT and Smart’s Cyber Security Operations Group (CSOG) found that the latest smishing (SMS phishing) attacks are “most likely being sent person-to-person and do not originate from aggregators.” Smart has intensified efforts against smishing attacks. From June to August alone, Smart has deactivated 167,000 SIMs that were involved in the illegal activity.
Smart has thrown its support behind the proposed SIM card registration bill that was recently approved on second reading by lawmakers. Prepaid SIMs in the Philippines are often sold without getting the customer’s personal information.
While waiting for the measure to be enacted into law, Smart says it is streamlining the process to efficiently collect relevant customer data and ensure that these are protected at all levels. It’s also checking vulnerabilities of other platforms that might be exploited by scammers once the law takes effect.
Smart has also welcomed the government-led joint investigation into the illegal activity. It has been closely coordinating with law enforcers and regulators to net the persons behind the modus.
“We need a whole-of-community approach. We are sharing relevant information with authorities to identify the perpetrators. We also need to find out how the criminals were able to amass mobile numbers so we can find a solution that will further protect personal data,” Redoble said.
Smart also urges customers to refrain from engaging scammers and to avoid clicking the links that are often found in these messages. Smart encourages customers to report smishing incidents and fraudulent activities to firstname.lastname@example.org.